how are password encryped?

[Charles Clarke]

Thanks to Jonathan for pointing out a possible mistake in my posting.
The man page for crypt(3) differs from how I remember the routine, but as
it has been several years, and due to system problems, I am unable to look
at it currently,...  Have to watch out for the old memory :-)

However, Jonathan, something to add to the *something* you know about
cryptography: a "key" does not have to be private.  Public key cryptography
has been around for a while.  What you have is a public key for encryption
and a private key for decryption.  I believe the most famous is the one
where you start with two large prime numbers and do some crunching to
get the keys.  (I won't put down what I remember about it because my memory
might be failing :-)

In an application like passwords where all you need is authentication and
not decryption, with public key encryption, either the key or the plaintext
can be the "private" information.

To support your view, I believe DES is a conventional(not public key)
encryption system in which case, with one piece of "private" information,
it would have to be the key.  BTW, usage in a man page does not qualify
as a method for determination of "proper" usage.  Though reading the man
page suggests the salt as a key in an encryption process of the hashing
algorithm.

Anyway, the point that was originally meant still stands(as supported in
another post by Jonathan:  Knowing the encryption process and the encrypted
password does not help much to determine the user's password.
Yes, it can be done, but it is computationally expensive and almost
infeasible with today's machines.  Knowing additional information like how
long it is and whether or not it has special symbols in it brings it down to
doable today(I have seen it done.  Before you ask, it was a case of a
forgotten root password, not "cracking" someone else's).


Enjoy!

charles